Microsoft Speech API – Remote Code Execution Vulnerability

 

Description: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input.

Threat: To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.

Criticality: High

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0985

 

Adobe Campaign – Arbitrary Code Execution Vulnerability

 

Description: Adobe has released a security update for Adobe Campaign Classic.

Threat:  This update addresses a critical vulnerability that could result in arbitrary code execution.

Criticality: High

Update/Patch: https://helpx.adobe.com/security/products/campaign/apsb19-28.html

 

Adobe Flash Player – Arbitrary Code Execution Vulnerability

 

Description: Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.

Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.

Criticality: High

Update/Patch: https://helpx.adobe.com/security/products/flash-player/apsb19-30.html

 

Evernote Web Clipper for Chrome – Cross-Site Scripting (XSS) Vulnerability

 

Description: A universal XSS vulnerability exists in Evernote Web Clipper for Chrome allows hackers to access sensitive user information.

Threat: An attacker who successfully exploited the vulnerability could bypass the browser’s same-origin policy (SOP) and execute arbitrary code on the user’s behalf.

Criticality: High

Update/Patch: https://evernote.com/security/updates

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Register your email to receive the latest news and updates from getNEXT.


You have Successfully Subscribed!

Share This